blob: c2671773a5074817c800ac94a8581be0609d6d9a [file] [log] [blame]
// These tests use the various test servers run by Google
// at badssl.com. To be polite they sleep 1 second before
// each test.
//
#[allow(dead_code)]
mod common;
mod online {
use super::common::{TlsClient, polite};
fn connect(hostname: &str) -> TlsClient {
TlsClient::new(hostname)
}
#[test]
fn no_cbc() {
polite();
connect("cbc.badssl.com")
.fails()
.expect(r"TLS error: AlertReceived\(HandshakeFailure\)")
.go()
.unwrap();
}
#[test]
fn no_rc4() {
polite();
connect("rc4.badssl.com")
.fails()
.expect(r"TLS error: AlertReceived\(HandshakeFailure\)")
.go()
.unwrap();
}
#[test]
fn expired() {
polite();
connect("expired.badssl.com")
.fails()
.expect(r"TLS error: WebPKIError\(CertExpired\)")
.go()
.unwrap();
}
#[test]
fn wrong_host() {
polite();
connect("wrong.host.badssl.com")
.fails()
.expect(r"TLS error: WebPKIError\(CertNotValidForName\)")
.go()
.unwrap();
}
#[test]
fn self_signed() {
polite();
connect("self-signed.badssl.com")
.fails()
.expect(r"TLS error: WebPKIError\((UnknownIssuer|CertExpired)\)")
.go()
.unwrap();
}
#[test]
fn no_dh() {
polite();
connect("dh2048.badssl.com")
.fails()
.expect(r"TLS error: AlertReceived\(HandshakeFailure\)")
.go()
.unwrap();
}
#[test]
fn mozilla_old() {
polite();
connect("mozilla-old.badssl.com")
.expect("<title>mozilla-old.badssl.com</title>")
.go()
.unwrap();
}
#[test]
fn mozilla_inter() {
polite();
connect("mozilla-intermediate.badssl.com")
.expect("<title>mozilla-intermediate.badssl.com</title>")
.go()
.unwrap();
}
#[test]
fn mozilla_modern() {
polite();
connect("mozilla-modern.badssl.com")
.expect("<title>mozilla-modern.badssl.com</title>")
.go()
.unwrap();
}
#[test]
fn sha256() {
polite();
connect("sha256.badssl.com")
.expect("<title>sha256.badssl.com</title>")
.go()
.unwrap();
}
#[test]
fn many_sans() {
// This exercises webpki, but also handshake reassembly.
polite();
connect("1000-sans.badssl.com")
.expect("<title>1000-sans.badssl.com</title>")
.go()
.unwrap();
}
#[test]
fn too_many_sans() {
polite();
connect("10000-sans.badssl.com")
.fails()
.expect(r"TLS error: CorruptMessagePayload\(Handshake\)")
.go()
.unwrap();
}
#[test]
fn rsa8192() {
polite();
connect("rsa8192.badssl.com")
.expect("<title>rsa8192.badssl.com</title>")
.go()
.unwrap();
}
#[test]
fn sha1_2016() {
polite();
connect("sha1-2016.badssl.com")
.fails()
.expect(r"TLS error: WebPKIError\(CertExpired\)")
.go()
.unwrap();
}
#[cfg(feature = "dangerous_configuration")]
mod danger {
#[test]
fn self_signed() {
super::polite();
super::connect("self-signed.badssl.com")
.insecure()
.expect("<title>self-signed.badssl.com</title>")
.go()
.unwrap();
}
}
}